Methods and apparatus for sim-based authentication of non-sim devices

ABSTRACT

Methods and apparatus presented herein allow a non-SIM device to access a paid Wi-Fi network by having a server emulate the non-SIM device as a related SIM-enabled device to a mobile operator. The mobile operator is led to believe that the non-SIM device is the related SIM-enabled device, and thereby grants authorization to the non-SIM device to access the paid Wi-Fi network.

BACKGROUND OF THE DISCLOSURE

A subscriber identity module (SIM) card stores a variety ofidentification information for a mobile device. The SIM card can existin either hardware (e.g., an integrated circuit chip) or software (e.g.,a virtual SIM) forms. During operation, the mobile device connects to awireless communication subscriber network, and utilizes the SIM card toobtain authorization to access services from the subscriber network.

In many regions of world, paid Wi-Fi networks are becoming widespread.As such, mobile operators are increasingly allowing data offloading tothese Wi-Fi networks. To accomplish this, SIM-based authentication isnormally used, which allows a mobile device to access a paid Wi-Finetwork by using the credentials stored on the SIM card of the mobiledevice. SIM-based authentication is convenient because no additionalcredential-provisioning steps are needed. Further, as the SIM card istied to an account that is associated with the mobile device, the mobileoperators can easily bill the account for any Wi-Fi data usage.Moreover, as the SIM card is tied to an identity of a user of theaccount, certain legal requirements for Internet access can be satisfiedin countries that mandate such requirements.

However, SIM-based authentication only works for SIM-enabled devices(e.g., smartphones with active SIM cards therein). The typical usertoday will also have many devices without SIM cards (e.g., tablets,laptops, gaming consoles, etc.) that the user would like to use toaccess paid Wi-Fi services. Accordingly, finding ways to allow theseever-growing number of non-SIM devices to automatically authenticate andconnect to paid Wi-Fi networks has become a challenge.

SUMMARY OF THE DISCLOSURE

Briefly, to allow a non-SIM device the ability to access a paid Wi-Finetwork, a server emulates the non-SIM device as a related SIM-enableddevice to a mobile operator. The mobile operator is led to believe thatthe non-SIM device is the related SIM-enabled device, and thereby grantsauthorization to the non-SIM device to access the paid Wi-Fi network.Said in another way, the mobile operator grants the non-SIM deviceaccess to the paid Wi-Fi network based on an association with therelated SIM-enabled device.

In one example, the server obtains and stores the credentials of therelated SIM-enabled device. The server then provisions a digitalcryptographic certificate to the non-SIM device. The certificate islinked to the related SIM-enabled device. When the non-SIM device isready to connect to the paid Wi-Fi network, the non-SIM device presentsthe certificate to the server for authentication. Based on theauthentication, the server determines the related SIM-enabled device,and uses the credentials of the related SIM-enabled device to createemulated messages for the non-SIM device to pass on to the mobileoperator. This makes the non-SIM device appear as the relatedSIM-enabled device. In doing so, the server is able to convince themobile operator to grant the non-SIM device permission to access and usethe services of the paid Wi-Fi network.

In another example, based on the authentication of the certificate, theserver determines the association of the non-SIM device with the relatedSIM-enabled device. The server then transmits the association to themobile operator. Based on the association, the mobile operator links thenon-SIM device to an account associated with the related SIM-enableddevice. In this manner, the mobile operator is made aware of theidentity of the non-SIM device. The server then transmits messages forthe non-SIM device to the mobile operator, and the mobile operator inturn grants the non-SIM device permission to access and use the servicesof the paid Wi-Fi network.

In one example, a method by a server for SIM-based authentication of anon-SIM device includes receiving an access request to access a Wi-Finetwork from the non-SIM device. In response to the access request, themethod also includes enabling the non-SIM device to access the Wi-Finetwork by emulating an ability of a related SIM-enabled device toaccess the Wi-Fi network for the non-SIM device as though the non-SIMdevice was the related SIM-enabled device.

In another example, the method may include receiving a non-SIM devicecertificate with a SIM-enabled device link from the non-SIM device aspart of the access request. Further, the method may include determiningan association between identification data of the non-SIM device andidentification data of the related SIM-enabled device as part ofemulating the ability of the related SIM-enabled device to access theWi-Fi network for the non-SIM device. Moreover, the determination of theassociation may involve authenticating the non-SIM device based on thenon-SIM device certificate with a SIM-enabled device link, and thendetermining the related SIM-enabled device in response to theauthentication of the non-SIM device certificate with a SIM-enableddevice link.

The method may further include creating, by the server, an emulatedSIM-operator authentication message for the non-SIM device usingcredentials of the related SIM-enabled device based on the authenticatednon-SIM device certificate with a SIM-enabled device link. The servermay communicate the emulated SIM-operator authentication message to amobile SIM-operator server to make the mobile SIM-operator serverbelieve that it is the related SIM-enabled device that is requestingaccess to the Wi-Fi network instead of the non-SIM device. Accordingly,the server may receive either an access granted message or an accessdenied message for the non-SIM device in response to communicating theemulated SIM-operator authentication message. The server may, in turn,communicate either the access granted message or access denied messageto an access point of the Wi-Fi network. This enables the non-SIM deviceto access the Wi-Fi network by either granting the non-SIM device accessto the Wi-Fi network based on the access granted message, oralternatively, denying the non-SIM device access to the Wi-Fi networkbased on the access denied message.

The method may further include receiving, by the server, a phone numberassociated with the related SIM-enabled device. The phone number mayserve as an additional piece of identification data for he relatedSIM-enabled device. In response to receiving the phone number, theserver may generate a verification code associated with the relatedSIM-enabled device, and communicate the verification code associated tothe related SIM-enabled device. Afterward, the server may receive theverification code from the non-SIM device. The purpose of sending andthen returning the verification code is to confirm that a sender or userof the phone number associated with the related SIM-enabled device hasactual control of the phone number. In response to receiving theverification code, the server may generate the non-SIM devicecertificate with a SIM-enabled device link, and communicate the non-SIMdevice certificate with a SIM-enabled device link to the non-SIM device.

The method may further include receiving, by the server, data usageinformation indicating an amount of data used by the non-SIM device onthe Wi-Fi network. The server may create an emulated SIM-operatoraccounting message for the non-SIM device using the data usageinformation and the credentials of the related SIM-enabled device basedon the authenticated non-SIM device certificate with a SIM-enableddevice link. The server may communicate the emulated SIM-operatoraccounting message to a mobile SIM-operator server to make the mobileSIM-operator server believe that the amount of data was used by therelated SIM-enabled device instead of the non-SIM device. Accordingly,in response to receiving the emulated SIM-operator accounting messagefor the non-SIM device from the server, the mobile SIM-operator servermay bill an account associated with the related SIM-enabled device forthe amount of data used by the non-SIM device on the Wi-Fi network.

In another example, the method may communicate, by the server, theassociation between the non-SIM device and the related SIM-enableddevice to a mobile SIM-operator server. This allows the mobileSIM-operator to be made aware of the identity of the non-SIM device.Thus, in response to receiving the association, the mobile SIM-operatorserver may link the non-SIM device to an account associated with therelated SIM-enabled device. Afterward, the server may communicate aSIM-operator authentication message for the non-SIM device to the mobileSIM-operator server. As the mobile SIM-operator recognizes the non-SIMdevice, the server may receive an access granted message in response tocommunicating the SIM-operator authentication message. The server maythen communicate the access granted message to an access point of theWi-Fi network. This enables the non-SIM device to access the Wi-Finetwork by granting the non-SIM device access to the Wi-Fi network basedon the access granted message.

The method may further include receiving, by the server, data usageinformation indicating an amount of data used by the non-SIM device onthe Wi-Fi network. The server may communicate a SIM-operator accountingmessage for the non-SIM device using the data usage information to themobile SIM-operator server. Again, as the mobile SIM-operator recognizesthe non-SIM device, the mobile SIM-operator server may bill the accountassociated with the related SIM-enabled device for the amount of dataused by the non-SIM device on the Wi-Fi network.

In one example, a server is communicatively coupled to a Wi-Fi network.The server includes a processor coupled to a communications unit. Theprocessor is configured to cause the server to receive, via thecommunications unit, an access request to access a Wi-Fi network from anon-SIM device. In response to the access request, the processor is alsoconfigured to cause the server enable the non-SIM device to access theWi-Fi network by emulating an ability of a related SIM-enabled device toaccess the Wi-Fi network for the non-SIM device as though the non-SIMdevice was the SIM-enabled device.

In another example, the server may receive a non-SIM device certificatewith a SIM-enabled device link from the non-SIM device as part of theaccess request. Further, the server may determine an association betweenidentification data of the non-SIM device and identification data of therelated SIM-enabled device as part of emulating the ability of therelated SIM-enabled device to access the Wi-Fi network for the non-SIMdevice. Moreover, the determination of the association may involveauthenticating the non-SIM device based on the non-SIM devicecertificate with a SIM-enabled device link, and then determining therelated SIM-enabled device in response to the authentication of thenon-SIM device certificate with a SIM-enabled device link.

The server may further create an emulated SIM-operator authenticationmessage for the non-SIM device using credentials of the relatedSIM-enabled device based on the authenticated non-SIM device certificatewith a SIM-enabled device link. The server may communicate the emulatedSIM-operator authentication message to a mobile SIM-operator server tomake the mobile SIM-operator server believe that it is the relatedSIM-enabled device that is requesting access to the Wi-Fi networkinstead of the non-SIM device. Accordingly, the server may receiveeither an access granted message or an access denied message for thenon-SIM device in response to communicating the emulated SIM-operatorauthentication message. The server may, in turn, communicate either theaccess granted message or access denied message to an access point ofthe Wi-Fi network. This enables the non-SIM device to access the Wi-Finetwork by either granting the non-SIM device access to the Wi-Finetwork based on the access granted message, or alternatively, denyingthe non-SIM device access to the Wi-Fi network based on the accessdenied message.

The server may further receive a phone number associated with therelated SIM-enabled device. The phone number may serve as an additionalpiece of identification data for he related SIM-enabled device. Inresponse to receiving the phone number, the server may generate averification code associated with the related SIM-enabled device, andcommunicate the verification code associated to the related SIM-enableddevice. Afterward, the server may receive the verification code from thenon-SIM device. The purpose of sending and then returning theverification code is to confirm that a sender or user of the phonenumber associated with the related SIM-enabled device has actual controlof the phone number. In response to receiving the verification code, theserver may generate the non-SIM device certificate with a SIM-enableddevice link, and communicate the non-SIM device certificate with aSIM-enabled device link to the non-SIM device.

The server may further receive data usage information indicating anamount of data used by the non-SIM device on the Wi-Fi network. Theserver may create an emulated SIM-operator accounting message for thenon-SIM device using the data usage information and the credentials ofthe related SIM-enabled device based on the authenticated non-SIM devicecertificate with a SIM-enabled device link. The server may communicatethe emulated SIM-operator accounting message to a mobile SIM-operatorserver to make the mobile SIM-operator server believe that the amount ofdata was used by the related SIM-enabled device instead of the non-SIMdevice.

In one example, a method by a server to authenticate a non-SIM deviceincludes receiving an association between the non-SIM device and arelated SIM-enabled device from another server. The method also includesthe server linking the non-SIM device to an account associated with therelated SIM-enabled device based on the received association between thenon-SIM device and the related SIM-enabled device. The method furtherincludes the server granting the non-SIM device access to a Wi-Finetwork by communicating an access granted message to the another serverin response to receiving a SIM-operator authentication message from theanother server for the non-SIM device to access the Wi-Fi network.Moreover, the method includes the server billing the account associatedwith the related SIM-enabled device for an amount of data used by thenon-SIM device on the Wi-Fi network in response to receiving aSIM-operator accounting message from the another server for the non-SIMdevice.

In one example, a server is communicatively coupled to a Wi-Fi network.The server includes means to receive an access request to access a Wi-Finetwork from a non-SIM device. In response to the access request, theserver includes means to enable the non-SIM device to access the Wi-Finetwork by emulating an ability of a related SIM-enabled device toaccess the Wi-Fi network for the non-SIM device as though the non-SIMdevice was the related SIM-enabled device.

BRIEF DESCRIPTION OF THE DRAWINGS

The disclosure will be more readily understood in view of the followingdescription when accompanied by the below figures and wherein likereference numerals represent like elements, wherein:

FIG. 1 is a block diagram generally illustrating one example of acommunication environment for SIM-based authentication of non-SIMdevices in accordance with one example set forth in the disclosure;

FIG. 2 is a block diagram illustrating one example of a server thatimplements SIM-based authentication of non-SIM devices in accordancewith one example set forth in the disclosure;

FIG. 3 is one example of a database used to support SIM-basedauthentication of non-SIM devices in accordance with one example setforth in the disclosure;

FIG. 4 is a flow chart illustrating one example of a method by a serverthat implements SIM-based authentication of non-SIM devices inaccordance with one example set forth in the disclosure;

FIG. 5 is an example of communication flow among devices and servers ina system in accordance with one example set forth in the disclosure;

FIG. 6 is a flowchart illustrating one example of a method by a serverthat implements SIM-based authentication of non-SIM devices inaccordance with one example set forth in the disclosure;

FIG. 7 is a flowchart illustrating one example of a method by a serverthat implements SIM-based authentication of non-SIM devices inaccordance with one example set forth in the disclosure;

FIG. 8 is an example of communication flow among devices and servers ina system in accordance with one example set forth in the disclosure;

FIG. 9 is a flowchart illustrating one example of a method by a serverthat implements SIM-based authentication of non-SIM devices inaccordance with one example set forth in the disclosure; and

FIG. 10 is a flowchart illustrating one example of a method by a serverthat implements SIM-based authentication of non-SIM devices inaccordance with one example set forth in the disclosure.

DETAILED DESCRIPTION OF EMBODIMENTS

Exemplary embodiments provide a technical solution that addresses theproblem of enabling a non-SIM device to access a paid Wi-Fi network byemulating the non-SIM device as a related SIM-enabled device to a mobileoperator. As used herein, a SIM-enabled device includes any mobiledevice with an active SIM card (e.g., a smartphone, a smartwatch, awearable device, etc.). A non-SIM device encompasses either a devicewithout an active SIM card or a device that may have a SIM cardphysically or electrically attached, but the SIM card is non-active ornonoperational (e.g., a tablet, a laptop, a gaming console, etc.). Moregenerally, a non-SIM device may include any suitable device with Wi-Ficapabilities that lacks an active SIM card.

FIG. 1 illustrates one example of a communication environment 100 forSIM-based authentication of non-SIM devices. The communicationenvironment 100 includes a Wi-Fi network 102 communicatively coupled toa server with SIM-based authentication of non-SIM devices 104 and amobile SIM-operator server 106. The Wi-Fi network 102 may be anywireless local area network operating under the various IEEE 802.11standards, or any other kind of wireless network. The network 102 alsoincludes at least one Wi-Fi access point (AP) 108. The Wi-Fi AP 108 mayinclude any suitable device capable of providing Wi-Fi connectivity tothe network 102. However, the Wi-Fi network 102 is a paid network,meaning that a fee is normally charged every time network services areused.

The server with SIM-based authentication of non-SIM devices 104 acts asa proxy between the Wi-Fi network 102 and the mobile SIM-operator server106. As such, the server 104 may be a gateway server, a web server, acloud server, or any other server. Although the server 104 isillustrated as a single server, the server 104 could be implemented as aplurality of servers. Moreover, in some embodiments, the server 104 maybe part of the Wi-Fi network 102.

The mobile SIM-operator server 106 may be part of or associated with awireless communication subscriber network (e.g., a GSM network, a LTEnetwork, etc.) operated by a mobile operator. As such, while not shownin FIG. 1, the server 106 may include various elements such as accessnetwork discovery & selection function (ANDSF), an authentication,authorization and accounting (AAA) server, a home location register/homesubscriber server (HLR/HSS), a packet data network gateway (PDN-GW),etc. Moreover, multiple different mobile operators may be supported bythe communication environment 100. Thus, in some embodiments, there maybe a plurality of servers 106.

Communication between the Wi-Fi network 102 and the servers 104, 106 mayoccur over the Internet. Alternatively or additionally, communicationmay occur over dedicated or private links.

The communication environment 100 also includes a SIM-enabled device 110and a non-SIM device 112. The devices 110 and 112 may be related (e.g.,belong to the same user). For example, the SIM-enabled device 110 may bea smartphone of a user while the non-SIM device 112 may be the user'slaptop. The user may wish to use one or both devices 110 and 112 toaccess the Wi-Fi network 102. The SIM-enabled device 110 can connect tothe Wi-Fi network 102 through a standard SIM-based authentication (e.g.,EAP-SIM or EAP-AKA) that uses information stored on the SIM card of thedevice 110 for authentication with the server 106. Once authenticated,the server 106 may grant the SIM-enabled device 110 access to the Wi-Finetwork 102 for data services. However, standard SIM-basedauthentication is not possible for the non-SIM device 112 due to thelack of an active or functioning SIM card. To overcome this problem, theserver 104 operates to emulate the non-SIM device 112 as the SIM-enableddevice 110 to the server 106. In particular, the server 104 stores thecredentials of the SIM-enabled device 110 and associates the credentialswith the non-SIM device 112, effectively mapping the identity and datapackage of the SIM-enabled device 110 to the non-SIM device 112. In thismanner, because the non-SIM device 112 appears as the SIM-enabled device110 to the mobile SIM-operator server 106, the server 104 is able toconvince the server 106 to grant the non-SIM device 112 access to thepaid Wi-Fi network 102.

Referring to FIG. 2, a more detailed functional block diagram of theserver with SIM-based authentication of non-SIM devices 104 is shown. Inthis example, the server 104 includes a processor 204 coupled to amemory 206 and a communications unit 208.

The processor 204 may be a single processor or may have two or moreprocessors carrying out all processing required for the operation of theserver 104. In particular, the processor 204 includes a certificateissuer 210 and a SIM-operator authentication/accounting message emulator212. During operation, the certificate issuer 210 generates a digitalcryptographic certificate for the non-SIM device 112. The certificatemay be based on the IEEE 802.1X format, or another suitable format. Thegenerated certificate may be subsequently used to authenticate thenon-SIM device 112 at the server 104. The generated certificate may belinked to the SIM-enabled device 110.

The generated certificate may include, among other things, a public keyand a private key. The generated certificate including thepublic/private key pair may be provisioned or sent to the non-SIM device112 via a secure and authenticated connection (e.g., by using EAP-TLS orEAP-TTLS). This ensures that the non-SIM device 112 will have solepossession of the private key. The public key, on the other hand, may beused to link the generated certificate to the SIM-enabled device 110.

The generated certificate can also be signed. For example, the generatedcertificate may be signed by a certificate chain that includes one ofthe common or trusted root certificate authorities (e.g., Verisign). Thesigned certificate (including both keys) may be sent to the non-SIMdevice 112 via a secure and authenticated connection. In anotherexample, the generated certificate may be signed by a private key heldby the server 104 but not necessarily connected via a certificate chainto a trusted root certificate authority.

To authenticate the non-SIM device 112 at the server 104, only thepublic portion of the certificate (i.e., not including the private key)sent to the non-SIM device 112 is presented or returned to the server104. Moreover, the non-SIM device 112 may sign messages to the server104 using the private key. After receiving the messages, the server 104can use the appropriate public key to decrypt and validate the messages.

In some embodiments, it is contemplated that a third-party entity maygenerate and issue the certificate to the non-SIM device 112. In thisscenario, the certificate issuer 210 may be a separate server or part ofanother server that is separate from the server 104. In fact, thecertificate can even be generated by a user device (e.g., the non-SIMdevice 112), and then transmitted via a secure and authenticatedconnection to the server 104 or another certificate authority forsigning. In other embodiments, the non-SIM device 112 may generate apublic/private key pair and send the public key to the server 104.

Once the server 104 has authenticated the non-SIM device 112, theSIM-operator authentication/accounting message emulator 212 createsemulated messages for the non-SIM device 112 to pass on to the mobileSIM-operator server 106. This is done by using the credentials of theassociated SIM-enabled device 110. For example, when the non-SIM device112 wants access to the Wi-Fi network 102, the emulator 212 may modifyan authentication message (e.g., RADIUS messages per RFC 2865) to theserver 106 for the non-SIM device 112. The authentication message may bemodified to include the credentials of the SIM-enabled device 110. Thus,when the mobile SIM-operator server 106 receives the modifiedauthentication message, it will appear as though the message came fromthe SIM-enabled device 110. As another example, after the non-SIM device112 has finished using the Wi-Fi network 102, the emulator 212 maymodify an accounting message (e.g., RADIUS messages per RFC 2866) to theserver 106 for the non-SIM device 112. The accounting message may bemodified to include the credentials of the SIM-enabled device 110. Thus,when received by the mobile SIM-operator server 106, the modifiedaccounting message may appear to indicate an amount of data used by theSIM-enabled device 110 on the Wi-Fi network 102, but in actuality, thedata was used by the non-SIM device 112.

The memory 206 may include read only memory (ROM), random access memory(RAM), or any other suitable memory that stores processor instructionsand executable code modules for the operation of the server 104. Forexample, the memory 206 may include a certificate issuer code module 216and a SIM-operator authentication/accounting message emulator codemodule 218, that when executed, may respectively cause the issuer 210and the emulator 212 to operate in the manner as described above.Moreover, the memory 206 includes a database 214 that stores variousdata used for the operation of the server 104. While the memory 206 isshown in FIG. 2 as separate from the processor 204, the memory 206 maybe a part of the processor 204.

The communications unit 208 allows the server 104 to receive andtransmit messages and data with the Wi-Fi AP 108 of the network 102 andthe mobile SIM-operator server 106. Accordingly, while not shown in FIG.2, the communications unit 208 may include various elements (e.g.,antennas, receivers, transmitters, modulation/demodulation units, etc.)as known in the art.

Referring to FIG. 3, a more detailed block diagram of the database 214is shown. In this example, the database 214 may be organized accordingto columns 302-308. The database 214 stores, as shown by column 302,identification (ID) information for an account. When the credentials ofa SIM-enabled device (e.g., the SIM-enabled device 110) are firstobtained by the server 104, an account may be created in the database214. The account serves to catalog the SIM-enabled device in thedatabase 214. The account may be identified by a unique account number,for example.

The database 214 stores, as shown by column 304, identification data forthe SIM-enabled device, such as the obtained credentials and a phonenumber for the SIM-enabled device. The credentials may be obtained fromthe SIM card of the device and include information such as aninternational mobile subscriber identity (IMSI), an integrated circuitcard identifier (ICCID), an authentication key (Ki), a local areaidentity (LAI), etc.

The database 214 stores, as shown in column 306, data for a non-SIMdevice certificate with a SIM-enabled device link. As described above,the certificate issuer 210 generates the non-SIM device certificate,which is used to authenticate a non-SIM device (e.g., the non-SIM device112) at the server 104. More importantly, the non-SIM device certificateis linked to the SIM-enabled device. For example, the database 124 maystore a certificate ID for the non-SIM device certificate in column 306.The certificate ID may be an alphanumeric number, a string of text, anemail address, or any other suitable data type. The certificate ID maybe tied to an account number in column 302 that relates to a SIM-enableddevice in the database 214. Thus, the server 104 can search for thecertificate ID in the database 214 to determine the SIM-enabled deviceand hence the credentials associated with the SIM-enabled device. Inanother embodiment, the database 214 may store a public key for non-SIMdevice certificate and tie the public key to the SIM-enabled device.Thereafter, the server 104 may search for the public key in the database214 to determine the SIM-enabled device.

The database 214 stores, as shown in column 308, identification data forthe non-SIM device, such as a device ID (e.g., a serial number, a modelnumber, an IP address, etc.) associated with the non-SIM device. Thenon-SIM device may separately transmit the device ID to the sever 104,for example. A device identifier for the non-SIM device is not reallyneeded to identify the non-SIM device as the generated non-SIM devicecertificate serves that purpose. However, the server 104 may stillobtain and store a device identifier for the non-SIM device in thedatabase 214 for easy device identification purposes.

Referring to FIG. 4, an example method for the operation of the serverwith SIM-based authentication of non-SIM devices 104 will be described.As shown in block 402, the method includes receiving an access requestto access a Wi-Fi network (e.g., the network 102) from a non-SIM device(e.g., the device 112). In one embodiment, receiving the access requestcomprises receiving a non-SIM device certificate with a SIM-enableddevice link from the non-SIM device (see block 702 in FIG. 7).Alternatively or additionally, the access request may comprise a signedor encrypted message from the non-SIM device requesting access to theWi-Fi network.

As shown in block 404, in response to the access request, the methodincludes enabling the non-SIM device to access the Wi-Fi network byemulating an ability of a related SIM-enabled device (e.g., the device110) to access the Wi-Fi network for the non-SIM device as though thenon-SIM device was the SIM-enabled device. Generally, enabling thenon-SIM device to access the Wi-Fi network entails either granting thenon-SIM device access to the Wi-Fi network, or denying the non-SIMdevice access to the Wi-Fi network. Moreover, emulating the ability ofthe related SIM-enabled device to access the Wi-Fi network for thenon-SIM device comprises determining an association betweenidentification data of the non-SIM device and identification data of therelated SIM-enabled device.

In one embodiment, determining the association between theidentification data of the non-SIM device and the related SIM-enableddevice is based on the non-SIM device certificate with a SIM-enableddevice link received from the non-SIM device as part of the accessrequest. In particular, determining the association further comprisesauthenticating the non-SIM device based on the non-SIM devicecertificate with a SIM-enabled device link, and determining the relatedSIM-enabled device in response to the authentication of the non-SIMdevice certificate with a SIM-enabled device link (see blocks 704, 706in FIG. 7).

In another embodiment, determining the association between theidentification data of the non-SIM device and the related SIM-enableddevice is based on obtaining a device ID of the non-SIM device, andsearching a database (e.g., the database 214) for a related SIM-enableddevice linked to that device ID.

Referring to FIGS. 5, 6 and 7, a description of communications betweenthe devices 110, 112 and servers 104, 106, and an example of theoperation of the server 104 will be described. In this example, theserver 104 (e.g., a gateway server) acts to emulate the non-SIM device112 as the SIM-enabled device 110 to the mobile SIM-operator server 106.As such, no integration is required on behalf of the server 106 as thenon-SIM device 112 is made to appear as the SIM-enabled device 110 in away that is transparent to the server 106.

The SIM-enabled device 110 may be related to the non-SIM device 112through, for example, a common owner or user. As shown by arrow 502, therelated SIM-enabled device 110 may first connect to the Wi-Fi network102 through a standard SIM-based authentication (e.g., EAP-SIM orEAP-AKA). This is done so that the server 104 can obtain the credentialsof the SIM-enabled device 110. As shown in block 602 of FIG. 6, theserver 104 may receive a request from the related SIM-enabled device 110to access the Wi-Fi network 102 using an extensible authenticationprotocol (EAP) message. Subsequently, as shown in block 604, the server104, acting as a proxy between the Wi-Fi AP 108 and the mobileSIM-operator server 106, may operate to capture the credentials of therelated SIM-enabled device 110 during the EAP authentication process andstore the credentials in memory (e.g., in the database 214).

To actually connect to the Wi-Fi network 102, the SIM-enabled device 110may download an app or connect to a special webpage linked to a captiveportal of the Wi-Fi network 102. Upon first connecting to the Wi-Finetwork 102, the SIM-enabled device 110 (or any device for that matter)may be placed in a limited access state until the device is properlyauthenticated and given full access to the network services of thenetwork 102.

Next, the related SIM-enabled device 110 may send a phone numberassociated with the device to the server 104 as shown by arrow 504. Theserver 104, in turn, receives the phone number associated with therelated SIM-enabled device 110 and stores the phone number (e.g., in thedatabase 214) as shown in block 606. Generally, a phone number that isassociated with a SIM card can be changed over the air by a mobileoperator. Thus, the phone number may not be stored locally on the SIMcard to be captured by the server 104 during an EAP authenticationprocess. As such, the phone number needs to be sent in a separate step.The phone number can be used as another piece of identification data forthe SIM-enabled device 110. The SIM-enabled device 110 may transmit thephone number to the server 104 via the downloaded app or specialwebpage, for example.

The server 104 then generates a verification code associated with therelated SIM-enabled device 110 in response to receiving the phonenumber, and communicates the verification code associated with therelated SIM-enabled device 110 to the related SIM-enabled device 110 asshown by arrow 506 and block 608. The verification code can be sent tothe device 110 via a text message, for example. As another example, theserver 104 may send the verification code to be displayed in thedownloaded app or special webpage.

Once the verification code has been received by the related SIM-enableddevice 110, the verification code may be relayed to the non-SIM device112 as shown by arrow 508. Relaying can occur via any suitablemechanism, such as manually (e.g., by user input) or automatically(e.g., by using near field communication (NFC) technology). Once thenon-SIM device 112 receives the verification code, the device 112 canreturn the verification code to the server 104 as shown by arrow 510.The purpose of sending and then returning the verification code is toconfirm that a sender or user of the phone number associated with therelated SIM-enabled device 110 has actual control of the phone number.The non-SIM device 112 may transmit the verification code back to theserver 104 via the app or special webpage linked to the captive portalof the Wi-Fi network 102, for example.

The server 104 receives the verification code associated with therelated SIM-enabled device 110 from the non-SIM device 112 as shown inblock 610. The server 104 then generates a non-SIM device certificatewith a SIM-enabled device link in response to receiving the verificationcode as shown in block 612. The non-SIM device certificate with aSIM-enabled device link is used by the server 104 to subsequentlyidentify and authenticate the non-SIM device 112. In generating thenon-SIM device certificate with a SIM-enabled device link, the server104 may generate a public/private key pair. The server 104 maycommunicate the non-SIM device certificate with a SIM-enabled devicelink (including both keys) to the non-SIM device 112 as shown by arrow512 and block 614. This may be done via a secure and authenticatedconnection. Alternatively, the server 104 may first provision thenon-SIM device 112 with the private key via a secure and authenticatedconnection. The server 104 may then send the non-SIM device certificatewith a SIM-enabled device link along with the public key to the non-SIMdevice 112.

As the verification code is associated with the related SIM-enableddevice 110, the server 104 may link the generated certificate to thedevice 110. For example, the server 104 may associate the public keyand/or a certificate ID of the non-SIM device certificate with aSIM-enabled device link with the related SIM-enabled device 110 in thedatabase 214. Thus, when needed, the server 104 can search the publickey and/or the certificate ID in the database 214 to determine therelated SIM-enabled device 110. In another example, the non-SIM devicecertificate with a SIM-enabled device link may include an explicit fieldthat references an identifier associated with the related SIM-enableddevice 110. In this manner, a link to the related SIM-enabled device 110is directly embedded in the non-SIM device certificate with aSIM-enabled device link.

After the non-SIM device 112 receives the non-SIM device certificatewith a SIM-enabled device link, the non-SIM device 112 may wish toconnect to the Wi-Fi network 102. Accordingly, the non-SIM device 112may request access as shown by arrow 514. More particularly, the non-SIMdevice 112 may send the non-SIM device certificate with a SIM-enableddevice link to the server 104. The server 104, in turn, may receive thenon-SIM device certificate with a SIM-enabled device link from thenon-SIM device 112 as shown in block 702. Here, block 702 is aparticular embodiment of block 402 shown in FIG. 4, where receiving theaccess request includes receiving the non-SIM device certificate with aSIM-enabled device link. It should be noted that the non-SIM device 112does not simply return the non-SIM device certificate with a SIM-enableddevice link verbatim to the server 104. Instead, the non-SIM device 112returns the public portion of the certificate (i.e., with the publickey) as the private key is never transmitted anywhere by the non-SIMdevice 112.

The server 104 may subsequently authenticate the non-SIM device 112based on the non-SIM device certificate with a SIM-enabled device linkas shown in block 704. The server 104 may determine the relatedSIM-enabled device 110 in response to the authentication of the non-SIMdevice certificate with a SIM-enabled device link as shown in block 706.Here, blocks 704 and 706 form a particular embodiment of block 404 shownin FIG. 4, where emulating the ability of the related SIM-enabled device110 for the non-SIM device 112 includes determining the associationbetween the related SIM-enabled device 112 and the non-SIM device 110based on authenticating the non-SIM device certificate with aSIM-enabled device link.

Afterward, the server 104 creates an emulated SIM-operatorauthentication message for the non-SIM device 112 using the credentialsof the related SIM-enabled device 110 based on the authenticated non-SIMdevice certificate with a SIM-enabled device link as shown in block 708.The purpose of using the emulated SIM-operator authentication message isto make the server 106 believe that the non-SIM device 112 is therelated SIM-enabled device 110. To this end, the server 104 may createthe emulated SIM-operator authentication message by using thecredentials and/or the phone number of the related SIM-enabled device110.

The server 104 then communicates the emulated SIM-operatorauthentication message for the non-SIM device 112 to the mobileSIM-operator server 106 as shown by arrow 516 and block 710. Uponreceiving the emulated SIM-operator authentication message, the mobileSIM-operator server 106 may think that the related SIM-enabled device110 is the one trying to request access to the Wi-Fi network 102. Thus,the server 106 may send an access response message back to the server104 as shown by arrow 518. Generally, the access response message may bein the form of an access granted message indicating that authorizationhas been given to fully access the network 102. However, in certainsituations, if the server 106 has strict security controls, then theserver 106 may not believe that the emulated SIM-operator authenticationmessage came from the related SIM-enabled device 110. As a result,authentication at the server 106 would fail and the access responsemessage will be in the form of an access denied message.

In any event, the server 104 receives the access response message forthe non-SIM device 112, and communicates the access response message tothe Wi-Fi AP 108 to enable the non-SIM device 112 to access the Wi-Finetwork 102 as shown by arrow 520.

As discussed earlier with relation to FIG. 4, enabling a non-SIM deviceto access a Wi-Fi network entails either granting the non-SIM deviceaccess to the Wi-Fi network, or denying the non-SIM device access to theWi-Fi network. Accordingly, the server 104 may receive one of an accessgranted message or an access denied message for the non-SIM device 112in response to communicating the emulated SIM-operator authenticationmessage to the mobile SIM-operator server 106 as shown in block 712. Theserver 104 may communicate the one of the access granted message or theaccess denied message to an access point 108 of the Wi-Fi network 102 asshown in block 714. In this manner, enabling the non-SIM device 112 toaccess the Wi-Fi network 102 comprises one of granting the non-SIMdevice 112 access to the Wi-Fi network 102 or denying the non-SIM device112 access to the Wi-Fi network 102 based on the one of the accessgranted message or the access denied message.

If access is granted, the non-SIM device 112 may use the network 102 fordata services (e.g., accessing the Internet). The amount of data used bythe non-SIM device 112 on the network 102 may be logged by the Wi-Fi AP108. This data usage information may be send to the server 104 as shownby arrow 522. The server 104, in turn, may receive the data usageinformation indicating the amount of data used by the non-SIM device 112on the Wi-Fi network 102. The server 104 may then create an emulatedSIM-operator accounting message for the non-SIM device 112. Moreparticularly, the server 104 may create the emulated SIM-operatoraccounting message for the non-SIM device 112 using the data usageinformation and the credentials of the related SIM-enabled device 110based on the authenticated non-SIM device certificate with a SIM-enableddevice link. The server 104 may communicate the emulated SIM-operatoraccounting message to the mobile SIM-operator server 106 as shown byarrow 524. Again, the purpose of using the emulated SIM-operatoraccounting message is to make the server 106 believe that the amount ofdata was used by the related SIM-enabled device 110 instead of thenon-SIM device 112. Accordingly, in response to receiving the emulatedSIM-operator accounting message for the non-SIM device 112 from theserver 104, the mobile SIM-operator server 106 may bill an accountassociated with the related SIM-enabled device 110 for the amount ofdata used by the non-SIM device 112 on the Wi-Fi network 102. Forexample, the server 106 may charge a monetary value for the amount ofdata used or debit the amount of data from the data package in theaccount. As an alternative, usage by the non-SIM device 112 on the Wi-Finetwork 102 may be logged in terms of time spent on the network ratherthan an amount of data used.

Referring to FIGS. 8 and 9, a description of communications between thedevices 110, 112 and servers 104, 106, and another example of theoperation of the server 104 will be described. In this example, theserver 104 passes the association between the SIM-enabled device 110 andthe non-SIM device 112 to the mobile SIM-operator server 106. The server106 then creates an additional or dual identity for the non-SIM device112. Here, the server 104 still emulates the ability of the relatedSIM-enabled device 110 for the non-SIM device 112 by determining theassociation between the related SIM-enabled device 112 and the non-SIMdevice 110. However, the server 104 no longer needs to “trick” themobile SIM-operator server 106 by sending emulated messages for thenon-SIM device 112 as the server 106 is fully aware of the existence ofthe non-SIM device 112. As such, in this example, integration isrequired on behalf of the server 106.

The initial steps of FIG. 8 are similar to those of FIG. 5. Briefly, asshown by arrows 802-812, the serve 104 obtains the credentials of therelated SIM-enabled device 110 (802), receives a phone number associatedwith the device 110 (804), sends a verification code to the device 110(806), receives the verification code from the non-SIM device 112 (810),and provisions a non-SIM device certificate with a SIM-enabled devicelink to the device 112 (812).

Subsequently, the non-SIM device 112 may wish to connect to the Wi-Finetwork 102. As such, the non-SIM device 112 may request access as shownby arrow 814. More particularly, the non-SIM device 112 may send thenon-SIM device certificate with a SIM-enabled device link to the server104. The server 104 may authenticate the non-SIM device 112 based on thenon-SIM device certificate with a SIM-enabled device link, and determinethe related SIM-enabled device 110 in response to the authentication ofthe non-SIM device certificate with a SIM-enabled device link. In otherwords, the server 104 may still emulate the ability of the relatedSIM-enabled device 110 for the non-SIM device 112 by determining theassociation between the related SIM-enabled device 112 and the non-SIMdevice 110.

Next, the server 104 communicates the association to the mobileSIM-operator server 106 as shown by arrow 816 and block 902. Theassociation may be, for example, a string of text that includes a deviceID (e.g., a serial number) for the non-SIM device 112 followed by anidentifier for the related SIM-enabled device 110 (e.g., IMSI, a phonenumber, etc.) indicating that the device 112 is associated with thedevice 110. In response to receiving the association, the server 106 maylink the non-SIM device 112 to an account associated with the relatedSIM-enabled device 110.

Accordingly, for non-SIM device 112 to access the Wi-Fi network 102, theserver 104 communicates a SIM-operator authentication message for thenon-SIM device 112 to the mobile SIM-operator server 106 as shown byarrow 818 and block 904. Upon receiving the SIM-operator authenticationmessage for the non-SIM device 112, the server 106 may send an accessresponse message to the server 104 as shown by arrow 820. In turn, theserver 104 may communicate the access response message to the Wi-Fi AP108 as shown by arrow 822. The access response message may be an accessgranted message indicating that authorization has been given to thenon-SIM device 112 to access the Wi-Fi network 102. Thus, the server 104receives the access granted message in response to communicating theSIM-operator authentication message to the mobile SIM-operator server106 as shown by block 906. The server 104 also communicates the accessgranted message to an access point 108 of the Wi-Fi network 102 as shownin block 908. In this regard, enabling the non-SIM device 112 to accessthe Wi-Fi network 102 comprises granting the non-SIM device 112 accessto the Wi-Fi network 102 based on the access granted message.

The non-SIM device 112 may use the network 102 for data services. Theamount of data used by the non-SIM device 112 on the network 102 may belogged by the Wi-Fi AP 108. This data usage information may be send tothe server 104 as shown by arrow 824. As such, the server 104 mayreceive the data usage information indicating the amount of data used bythe non-SIM device 112 on the Wi-Fi network 102. The server 104 maycommunicate a SIM-operator accounting message for the non-SIM device 112using the data usage information to the mobile SIM-operator server 106as shown by arrow 826. Accordingly, the server 106 may receive theSIM-operator accounting message for the non-SIM device 112, and bill theaccount associated with the related SIM-enabled device 110 for theamount of data used by the non-SIM device 112 on the Wi-Fi network 102.

Referring also to FIG. 10, an example method for the operation of themobile SIM-operator server 106 will be described. As shown in block1002, the method includes receiving an association between a non-SIMdevice 112 and a related SIM-enabled device 110 from another server 104.

As shown in block 1004, the method includes linking the non-SIM device112 to an account associated with the related SIM-enabled device 110based on the received association between the non-SIM device 112 and therelated SIM-enabled device 110. This linking can be accomplished in anysuitable manner. For example, a single unified account may be preferred,and as a result, the non-SIM device 112 is simply referenced to theaccount associated with the related SIM-enabled device 110. As anotherexample, the non-SIM device 112 may be referenced to a “child” accountthat is attached to a “parent” account associated with the relatedSIM-enabled device 110. In this scenario, billing in the child accountmay be reflected in the parent account. Alternatively, billing in theparent account could be transferred to the child account. As a furtherexample, a new or separate account may be created for the non-SIM device112. Accordingly, billing in this account may be copied over to theaccount associated with the related SIM-enabled device 110.

As shown in block 1006, the method includes granting the non-SIM device112 access to a Wi-Fi network 102 by communicating an access grantedmessage to the another server 104 in response to receiving aSIM-operator authentication message from the another server 104 for thenon-SIM device 112 to access the Wi-Fi network 102. Here, because theserver 106 knows the non-SIM device 112, the server 106 can interpretthe SIM-operator authentication message to identify and authenticate thenon-SIM device 112, which results in the server 106 granting permissionto the non-SIM device 112 to access the network 102.

As shown in block 1008, the method includes billing the accountassociated with the related SIM-enabled device 110 for an amount of dataused by the non-SIM device 112 on the Wi-Fi network 102 in response toreceiving a SIM-operator accounting message from the another server 104for the non-SIM device 112. Again, because the server 106 knows thenon-SIM device 112, the server 106 can interpret the SIM-operatoraccounting message and bill the account associated with the relatedSIM-enabled device 110, which is linked to the non-SIM device 112.

In addition to providing information for billing purposes, theSIM-operator accounting message can also be used to control access tothe Wi-Fi network 102. For example, in response to learning that thenon-SIM device 112 has consumed more than a certain amount of data, theserver 106 may sent a message to the server 104 instructing that furtheraccess to the network 102 should be restricted or terminated.

In various embodiments, executable suitable instructions may be storedon a non-transitory computer readable storage medium, where theexecutable instructions are executable by one or more processors tocause the one or more processors to perform the actions describedherein. Referring back to FIG. 2, the memory 206 may store executableinstructions, including the code modules 216 and 218, to be executed bythe server 104. The memory 206 may be any suitable memory, such as RAM,non-volatile memory (e.g., ROM, flash memory, EPROM, EEPROM, etc.), adisk storage device, or any other suitable memory that may storeexecutable instructions. Some or all of this functionality may also beimplemented in any other suitable manner such as, but not limited to, asoftware implementation including, for example, a driver implementation,a firmware implementation, a hardware implementation, or any suitablecombination of the example implementations described above.

In situations in which the methods and systems discussed herein maycollect personal information about users, or may make use of personalinformation (e.g., user data), users are provided with one or moreopportunities to control how information is collected about the user andused in one or more described features. A user is provided with controlover whether programs or features collect user data (e.g., informationabout a user's social network, user characteristics (age, gender,profession, etc.), social actions or activities, a user's preferences,content created or submitted by a user, a user's current geographiclocation, etc.). A user is provided with control over whether programsor features collect user information about that particular user or otherusers relevant to the program or feature. Each user for which personalinformation is to be collected is presented with one or more options toallow control over the information collection relevant to that user, toprovide permission or authorization as to whether the information iscollected and as to which portions of the information are to becollected. For example, users can be provided with one or more controloptions over a communication network. In addition, certain data may betreated in one or more ways before it is stored or used, so thatpersonally identifiable information is removed. For example, a user'sidentity may be treated so that no personally identifiable informationcan be determined for the user, or a user's geographic location may begeneralized to a larger region so that a particular location of a usercannot be determined.

In the preceding detailed description, reference has been made to theaccompanying drawings which form a part thereof, and in which is shownby way of illustration specific embodiments in which the invention maybe practiced. These embodiments are described in sufficient detail toenable those skilled in the art to practice the invention, and it is tobe understood that other embodiments may be utilized and that logical,mechanical, chemical and electrical changes may be made withoutdeparting from the spirit or scope of the invention. To avoid detail notnecessary to enable those skilled in the art to practice the invention,the description may omit certain information known to those skilled inthe art. Furthermore, many other varied embodiments that incorporate theteachings of the invention may be easily constructed by those skilled inthe art. Accordingly, the present invention is not intended to belimited to the specific form set forth herein, but on the contrary, itis intended to cover such alternatives, modifications, and equivalents,as can be reasonably included within the spirit and scope of theinvention. The preceding detailed description is, therefore, not to betaken in a limiting sense, and the scope of the present invention isdefined only by the appended claims. The above detailed description ofthe embodiments and the examples described therein have been presentedfor the purposes of illustration and description only and not bylimitation. It is therefore contemplated that the present inventioncover any and all modifications, variations or equivalents that fallwithin the spirit and scope of the basic underlying principles disclosedabove and claimed herein

What is claimed is:
 1. A method by a server for SIM-based authenticationof a non-SIM device, the method comprising: receiving, by the server, anaccess request to access a Wi-Fi network from the non-SIM device; and inresponse to the access request, enabling, by the server, the non-SIMdevice to access the Wi-Fi network by emulating an ability of a relatedSIM-enabled device to access the Wi-Fi network for the non-SIM device asthough the non-SIM device was the related SIM-enabled device.
 2. Themethod of claim 1, wherein emulating the ability of the relatedSIM-enabled device to access the Wi-Fi network for the non-SIM devicecomprises determining an association between identification data of thenon-SIM device and identification data of the related SIM-enableddevice.
 3. The method of claim 2, wherein receiving the access requestcomprises receiving a non-SIM device certificate with a SIM-enableddevice link from the non-SIM device.
 4. The method of claim 3, whereindetermining the association further comprises authenticating the non-SIMdevice based on the non-SIM device certificate with a SIM-enabled devicelink, and determining the related SIM-enabled device in response to theauthentication of the non-SIM device certificate with a SIM-enableddevice link.
 5. The method of claim 4, further comprising: creating, bythe server, an emulated SIM-operator authentication message for thenon-SIM device using credentials of the related SIM-enabled device basedon the authenticated non-SIM device certificate with a SIM-enableddevice link; communicating, by the server, the emulated SIM-operatorauthentication message to a mobile SIM-operator server; receiving, bythe server, one of an access granted message or an access denied messagefor the non-SIM device in response to communicating the emulatedSIM-operator authentication message to the mobile SIM-operator server;communicating, by the server, the one of the access granted message orthe access denied message to an access point of the Wi-Fi network; andwherein enabling the non-SIM device to access the Wi-Fi networkcomprises one of granting the non-SIM device access to the Wi-Fi networkor denying the non-SIM device access to the Wi-Fi network based on theone of the access granted message or the access denied message.
 6. Themethod of claim 1, further comprising: receiving, by the server, a phonenumber associated with the related SIM-enabled device; generating, bythe server, a verification code associated with the related SIM-enableddevice in response to receiving the phone number; communicating, by theserver, the verification code associated with the related SIM-enableddevice to the related SIM-enabled device; receiving, by the server, theverification code associated with the related SIM-enabled device fromthe non-SIM device; generating, by the server, the non-SIM devicecertificate with a SIM-enabled device link in response to receiving theverification code; and communicating, by the server, the non-SIM devicecertificate with a SIM-enabled device link to the non-SIM device.
 7. Themethod of claim 4, further comprising: receiving, by the server, datausage information indicating an amount of data used by the non-SIMdevice on the Wi-Fi network; creating, by the server, an emulatedSIM-operator accounting message for the non-SIM device using the datausage information and the credentials of the related SIM-enabled devicebased on the authenticated non-SIM device certificate with a SIM-enableddevice link; and communicating, by the server, the emulated SIM-operatoraccounting message to a mobile SIM-operator server.
 8. The method ofclaim 7, further comprising: in response to receiving the emulatedSIM-operator accounting message for the non-SIM device from the server,billing, by the mobile SIM-operator server, an account associated withthe related SIM-enabled device for the amount of data used by thenon-SIM device on the Wi-Fi network.
 9. The method of claim 2, furthercomprising communicating, by the server, the association to a mobileSIM-operator server.
 10. The method of claim 9, further comprising:communicating, by the server, a SIM-operator authentication message forthe non-SIM device to the mobile SIM-operator server; receiving, by theserver, an access granted message in response to communicating theSIM-operator authentication message to the mobile SIM-operator server;communicating, by the server, the access granted message to an accesspoint of the Wi-Fi network; and wherein enabling the non-SIM device toaccess the Wi-Fi network comprises granting the non-SIM device access tothe Wi-Fi network based on the access granted message.
 11. The method ofclaim 9, further comprising: receiving, by the server, data usageinformation indicating an amount of data used by the non-SIM device onthe Wi-Fi network; communicating, by the server, a SIM-operatoraccounting message for the non-SIM device using the data usageinformation to the mobile SIM-operator server.
 12. The method of claim11, further comprising: in response to receiving the association,linking, by the mobile SIM-operator server, the non-SIM device to anaccount associated with the related SIM-enabled device; and billing, bythe mobile SIM-operator server, the account associated with the relatedSIM-enabled device for the amount of data used by the non-SIM device onthe Wi-Fi network.
 13. A server communicatively coupled to a Wi-Finetwork, the server comprising: a processor, coupled to a communicationsunit, configured to cause the server to: receive, via the communicationsunit, an access request to access the Wi-Fi network from a non-SIMdevice; and in response to the access request, enable the non-SIM deviceto access the Wi-Fi network by emulating an ability of a relatedSIM-enabled device to access the Wi-Fi network for the non-SIM device asthough the non-SIM device was the SIM-enabled device.
 14. The server ofclaim 13, wherein emulating the ability of the related SIM-enableddevice to access the Wi-Fi network for the non-SIM device comprisesdetermining an association between identification data of the non-SIMdevice and identification data of the related SIM-enabled device. 15.The server of claim 14, wherein receiving the access request comprisesreceiving a non-SIM device certificate with a SIM-enabled device linkfrom the non-SIM device.
 16. The server of claim 15, wherein determiningthe association further comprises authenticating the non-SIM devicebased on the non-SIM device certificate with a SIM-enabled device link,and determining the related SIM-enabled device in response to theauthentication of the non-SIM device certificate with a SIM-enableddevice link.
 17. The server of claim 16, wherein the processor isfurther configured to cause the server: create an emulated SIM-operatorauthentication message for the non-SIM device using credentials of therelated SIM-enabled device based on the authenticated non-SIM devicecertificate with a SIM-enabled device link; communicate, via thecommunications unit, the emulated SIM-operator authentication message toa mobile SIM-operator server; receive, via the communications unit, oneof an access granted message or an access denied message for the non-SIMdevice in response to communicating the emulated SIM-operatorauthentication message to the mobile SIM-operator server; communicate,via the communications unit, the one of the access granted message orthe access denied message to an access point of the Wi-Fi network; andwherein enabling the non-SIM device to access the Wi-Fi networkcomprises one of granting the non-SIM device access to the Wi-Fi networkor denying the non-SIM device access to the Wi-Fi network based on theone of the access granted message or the access denied message.
 18. Theserver of claim 17, wherein the processor is further configured to causethe server to: receive, via the communications unit, a phone numberassociated with the related SIM-enabled device; generate a verificationcode associated with the related SIM-enabled device in response toreceiving the phone number; communicate, via the communications unit,the verification code associated with the related SIM-enabled device tothe related SIM-enabled device; receive, via the communications unit,the verification code associated with the related SIM-enabled devicefrom the non-SIM device; generate the non-SIM device certificate with aSIM-enabled device link in response to receiving the verification code;and communicate, via the communications unit, the non-SIM devicecertificate with a SIM-enabled device link to the non-SIM device. 19.The server of claim 16, wherein the processor is further configured tocause the server to: receive, via the communications unit, data usageinformation indicating an amount of data used by the non-SIM device onthe Wi-Fi network; create an emulated SIM-operator accounting messagefor the non-SIM device using the data usage information and thecredentials of the related SIM-enabled device based on the authenticatednon-SIM device certificate with a SIM-enabled device link; andcommunicate, via the communications unit, the emulated SIM-operatoraccounting message to a mobile SIM-operator server.
 20. A method by aserver to authenticate a non-SIM device, the method comprising:receiving, by the server, an association between the non-SIM device anda related SIM-enabled device from another server; linking, by theserver, the non-SIM device to an account associated with the relatedSIM-enabled device based on the received association between the non-SIMdevice and the related SIM-enabled device; granting, by the server, thenon-SIM device access to a Wi-Fi network by communicating an accessgranted message to the another server in response to receiving aSIM-operator authentication message from the another server for thenon-SIM device to access the Wi-Fi network; and billing, by the server,the account associated with the related SIM-enabled device for an amountof data used by the non-SIM device on the Wi-Fi network in response toreceiving a SIM-operator accounting message from the another server forthe non-SIM device.